Moving SSH from external IP to internal IP

[Snakebite]

Hi all.
I just installed ZCS on the CentOS 5.5 machine. It was easy, without any problems and now it is up and running.
The machine which run ZCS is also used as gateway, proxy, firewall and webserver.
Now i want to be more secure because i'm in production, so i decided to move SSH from the public IP, to the internal IP and also on localhost to prevent any possible errors from ZCS. From the moment when i put SSH to run on the port 22 over 127.0.0.1 and 192.168.x.y ip addresses i receive this error:

Quote:

Server error encountered
Message: system failure: exception during auth {RemoteManager: mail.mastersystem.ro->zimbra@mail.mastersystem.ro:22} Error code: service.FAILURE Method: GetMailQueueInfoRequest Details:soap:Receiver

When i put it again on the public ip, everything works fain.
So i'm asking, if the SSH can be run only on the ip address which correspond to the MX registration or can be changed to any ip address from machine?
And.. how can i make this whithout getting an error?
I followed the procedure described here Mail Queue Monitoring - Zimbra :: Wiki but whithout any results.
Question: Can i move SSH on lan interface and how can i do that?

Thank you.

[phoenix]

Quote:

Originally Posted by Snakebite

Hi all.
I just installed ZCS on the CentOS 5.5 machine. It was easy, without any problems and now it is up and running.
The machine which run ZCS is also used as gateway, proxy, firewall and webserver.

You should not be running your Zimbra server on the Gateway/Firewall/Proxy/websererver for you LAN - you will end-up with problem.

Quote:

Originally Posted by Snakebite

Now i want to be more secure because i'm in production,

See comment above.

Quote:

Originally Posted by Snakebite

so i decided to move SSH from the public IP, to the internal IP and also on localhost to prevent any possible errors from ZCS. From the moment when i put SSH to run on the port 22 over 127.0.0.1 and 192.168.x.y ip addresses i receive this error:

When i put it again on the public ip, everything works fain.
So i'm asking, if the SSH can be run only on the ip address which correspond to the MX registration or can be changed to any ip address from machine?
And.. how can i make this whithout getting an error?
I followed the procedure described here Mail Queue Monitoring - Zimbra :: Wiki but whithout any results.
Question: Can i move SSH on lan interface and how can i do that?

The only thing you should do in these circumstances is block ssh at the firewall. If you wish to change ssh to a different port then search the forums for details. I'd strongly advise you to move the Zimbra server to another box inside your LAN.